Lucene search

ProgressSoftwareCVELIST:CVE-2024-0219

HistoryJan 31, 2024 - 3:11 p.m.

CVE-2024-0219 Privilege Elevation via Telerik JustDecompile Installer

2024-01-3115:11:21

CWE-269

ProgressSoftware

www.cve.org

cve-2024-0219

privilege elevation

telerik justdecompile installer

vulnerability

installation component

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

25.9%

JSON

In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "modules": [
      "Telerik JustDecompile Installer"
    ],
    "product": "Telerik JustDecompile",
    "vendor": "Progress Software",
    "versions": [
      {
        "lessThan": "2024 R1",
        "status": "affected",
        "version": "RC2012.1",
        "versionType": "semver"
      }
    ]
  }
]

References

docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability

www.telerik.com/products/decompiler.aspx

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

25.9%

JSON

Related for CVELIST:CVE-2024-0219